Discovery of OSCORE Groups with the CoRE Resource Directory
draft-tiloca-core-oscore-discovery-02

Document Type Active Internet-Draft (individual)
Last updated 2019-03-11
Stream (None)
Intended RFC status (None)
Formats plain text pdf html bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state I-D Exists
Telechat date
Responsible AD (None)
Send notices to (None)
CoRE Working Group                                             M. Tiloca
Internet-Draft                                                   RISE AB
Intended status: Standards Track                              C. Amsuess
Expires: September 12, 2019
                                                         P. van der Stok
                                                              Consultant
                                                          March 11, 2019

      Discovery of OSCORE Groups with the CoRE Resource Directory
                 draft-tiloca-core-oscore-discovery-02

Abstract

   Group communication over the Constrained Application Protocol (CoAP)
   can be secured by means of Object Security for Constrained RESTful
   Environments (OSCORE).  At deployment time, devices may not know the
   exact OSCORE groups to join, the respective Group Manager, or other
   information required to perform the joining process.  This document
   describes how CoAP endpoints can use the CoRE Resource Directory to
   discover OSCORE groups and acquire information to join them through
   their respective Group Manager.  A same OSCORE group may protect
   multiple application groups, which are separately announced in the
   Resource Directory as sets of endpoints sharing a pool of resources.
   This approach is consistent with, but not limited to, the joining of
   OSCORE groups based on the ACE framework for Authentication and
   Authorization in constrained environments.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 12, 2019.

Tiloca, et al.         Expires September 12, 2019               [Page 1]
Internet-Draft   OSCORE group discovery with the CoRE RD      March 2019

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  Terminology . . . . . . . . . . . . . . . . . . . . . . .   4
   2.  Registration Resource for Group Managers  . . . . . . . . . .   5
   3.  Registration of Group Manager Endpoints . . . . . . . . . . .   5
   4.  Addition and Update of OSCORE Groups  . . . . . . . . . . . .   6
   5.  Discovery of OSCORE Groups  . . . . . . . . . . . . . . . . .   7
     5.1.  Discovery Example #1  . . . . . . . . . . . . . . . . . .   8
     5.2.  Discovery Example #2  . . . . . . . . . . . . . . . . . .   9
   6.  Security Considerations . . . . . . . . . . . . . . . . . . .  10
   7.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  10
     7.1.  Resource Types  . . . . . . . . . . . . . . . . . . . . .  10
   8.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  11
     8.1.  Normative References  . . . . . . . . . . . . . . . . . .  11
     8.2.  Informative References  . . . . . . . . . . . . . . . . .  11
   Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . .  12
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  12

1.  Introduction

   A set of CoAP endpoints may share a common pool of resources, hence
   composing an application group.  All the members of an application
   group may also be members of a same security group, hence sharing a
   common set of keying material to secure group communication.

   The Constrained Application Protocol (CoAP) [RFC7252] supports group
   communication over IP multicast [RFC7390] to improve efficiency and
   latency of communication and reduce bandwidth requirements.  The
   method Object Security for Constrained RESTful Environments (OSCORE)
   [I-D.ietf-core-object-security] enables end-to-end security for CoAP
   messages through CBOR Object Signing and Encryption (COSE) [RFC8152].

Tiloca, et al.         Expires September 12, 2019               [Page 2]
Internet-Draft   OSCORE group discovery with the CoRE RD      March 2019

   In particular, [I-D.ietf-core-oscore-groupcomm] specifies how OSCORE
   protects CoAP messages in group communication contexts, so enabling
   OSCORE groups as security groups.  Typically, one application group
   relies on exactly one OSCORE group, while a same OSCORE group may be
   used by multiple application groups at the same time.

   A CoAP endpoint joins an OSCORE group via the responsible Group
   Manager (GM), in order to get the necessary group keying material.
   As in [I-D.ietf-ace-key-groupcomm-oscore], the joining process can be
   based on the ACE framework for Authentication and Authorization in
   constrained environments [I-D.ietf-ace-oauth-authz], with the joining
   endpoint and the GM as ACE Client and Resource Server, respectively.
   That is, the joining endpoint accesses the join resource associated
   to the OSCORE group of interest and exported by the GM.

   Typically, devices are equipped with a static X509 IDevID certificate
   installed at manufacturing time.  This certificate is used at
   deployment time during an enrollment process that provides the device
   with an Operational Certificate, possibly updated during the device
   lifetime.  In the presence of secure group communication for CoAP,
   such an Operational Certificate may be accompanied by information
   required to join OSCORE groups.  This especially includes a reference
   to the join resources to access at the respective GMs.

   However, it is usually impossible to provide such precise information
   to freshly deployed devices as part of their (early) Operational
   Certificate.  This can be due to a number of reasons: the OSCORE
   group(s) to join and the responsible GM(s) are generally unknown at
   manufacturing time; an OSCORE group of interest is created, or the
   responsible GM is deployed, only after the device is enrolled and
   fully operative in the network; information related to existing
   OSCORE groups or to their GMs has been changed.  This requires a
   method for CoAP endpoints to dynamically discover OSCORE groups and
   their GM, and to retrieve updated information about those groups.

   This specification describes how CoAP endpoints can use the CoRE
   Resource Directory (RD) [I-D.ietf-core-resource-directory] for
   discovering an OSCORE group and retrieving the information required
   to join that group through the responsible GM.  In principle, the GM
   registers as an endpoint with the RD.  The corresponding registration
   resource includes one link for each OSCORE group under that GM,
   specifying the path to the related join resource.

   More information about the OSCORE group is stored in the target
   attributes of the respective link.  This especially includes the
   identifiers of the application groups which use that OSCORE group.
   This enables a lookup of those application groups at the Resource

Tiloca, et al.         Expires September 12, 2019               [Page 3]
Internet-Draft   OSCORE group discovery with the CoRE RD      March 2019

   Directory, where they are separately announced by a Commissioning
   Tool (see Appendix A of [I-D.ietf-core-resource-directory]).

   When querying the RD for OSCORE groups, a CoAP endpoint can further
   benefit of the CoAP Observe Option [RFC7641].  This enables
   convenient notifications about the creation of new OSCORE groups or
   the updates of information concerning existing ones.  Thus, it
   facilitates the early deployment of CoAP endpoints, i.e. even before
   the GM is deployed and the OSCORE groups of interest are created.

   The approach in this document is consistent with, but not limited to,
   the joining of OSCORE groups in [I-D.ietf-ace-key-groupcomm-oscore].

1.1.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

   This specification requires readers to be familiar with the terms and
   concepts discussed in [I-D.ietf-core-resource-directory] and
   [RFC6690].  Readers should also be familiar with the terms and
   concepts discussed in [RFC7252], [I-D.ietf-core-oscore-groupcomm] and
   [I-D.ietf-ace-key-groupcomm-oscore].

   Terminology for constrained environments, such as "constrained
   device" and "constrained-node network", is defined in [RFC7228].

   This document also refers to the following terminology.

   o  OSCORE group: a set of CoAP endpoints that share a same OSCORE
      Common Security Context to protect group communication as
      described in [I-D.ietf-core-oscore-groupcomm].  That is, an OSCORE
      group acts as security group for all its members.

   o  Application group: a set of CoAP endpoints that share a set of
      common resources.  Application groups are announced in the RD by a
      Commissioning Tool, according to the RD-Groups usage pattern (see
      Appendix A of [I-D.ietf-core-resource-directory]).  An application
      group can be associated to a single OSCORE group, while different
      application groups can rely on the same OSCORE group.  Application
      groups MAY share resources.  Any two application groups associated
      to the same OSCORE group do not share any resource.

   o  Zeroed-epoch Group ID: this refers to the Group ID of an OSCORE
      group as stored in the RD.  The structure of such a stored Group

Tiloca, et al.         Expires September 12, 2019               [Page 4]
Internet-Draft   OSCORE group discovery with the CoRE RD      March 2019

      ID is as per Appendix C of [I-D.ietf-core-oscore-groupcomm], with
      the "Group Epoch" part immutable and set to zero.

2.  Registration Resource for Group Managers

   With reference to Figure 3 of [I-D.ietf-core-resource-directory], a
   Group Manager (GM) registers as an endpoint with the CoRE Resource
   Directory (RD).  The registration includes the links to the join
   resources at the GM, associated to the OSCORE groups under that GM.

   In particular, each link to a join resource includes:

   o  "target": URI of the join resource at the GM.

   o  target attributes, including:

      *  Resource Type (rt) with the value "core.osc.j" defined in
         Section 7.1 of this specification.

      *  The zeroed-epoch Group ID of the OSCORE group.

      *  One target attribute for each application group associated to
         the OSCORE group, specifying the name of that application
         group.

3.  Registration of Group Manager Endpoints

   Upon deployment, a GM finds the RD as described in Section 4 of
   [I-D.ietf-core-resource-directory].  After that, the GM registers as
   an endpoint with the RD, as described in Section 5.3 of
   [I-D.ietf-core-resource-directory].

   When doing so, the GM MUST also register all the join resources it is
   exporting at that point in time, i.e. one for each of its OSCORE
   groups.

   For each registered join resource, the GM MUST specify the following
   parameters in the payload of the registration request.

   o  'rt' = "core.osc.j" (see Section 7.1).

   o  'oscore-gid', specifying the zeroed-epoch Group ID of the OSCORE
      group of interest.  This parameter MUST specify a single value.

   o  'app-gp', specifying the name(s) of the application group(s)
      associated to the OSCORE group of interest.  This parameter MAY be
      included multiple times, and each occurrence MUST specify the name

Tiloca, et al.         Expires September 12, 2019               [Page 5]
Internet-Draft   OSCORE group discovery with the CoRE RD      March 2019

      of one application group.  A same application group MUST NOT be
      specified multiple times.

   The GM SHOULD NOT use the Simple Registration approach described in
   Section 5.3.1 of [I-D.ietf-core-resource-directory].

   The example below shows a GM with endpoint name "gm1" and address
   2001:db8::ab that registers with the RD.  The GM specifies the link
   to one join resource for accessing the OSCORE group with zeroed-epoch
   Group ID "feedca570000" and used by one application group with name
   "group1".

   Request: GM -> RD

   Req: POST coap://rd.example.com/rd?ep=gm1
   Content-Format: 40
   Payload:
   </join/feedca570000>;ct=41;rt="core.osc.j";
   oscore-gid="feedca570000";app-gp="group1"

   Response: RD -> GM

   Res: 2.01 Created
   Location-Path: /rd/4521

4.  Addition and Update of OSCORE Groups

   The GM is responsible to keep its registration with the RD up to date
   with links to all its join resources.  This means that the GM has to
   update the registration within its lifetime as per Section 5.4.1 of
   [I-D.ietf-core-resource-directory], and has to change the content of
   the registration when a join resource is added/removed or if its
   target attributes have to be changed, such as in the following cases.

   o  The GM creates a new OSCORE group and starts exporting the related
      join resource.

   o  The GM dismisses an OSCORE group and stops exporting the related
      join resource.

   o  Information related to an existing OSCORE group changes, e.g. the
      list of associated application groups.

   In order to perform an update to the set of links in its
   registration, the GM can re-register with the RD and fully specify
   all links to its join resources and their target attributes in the
   payload of the POST request.

Tiloca, et al.         Expires September 12, 2019               [Page 6]
Internet-Draft   OSCORE group discovery with the CoRE RD      March 2019

   The example below shows the same GM from Section 3 that re-registers
   with the RD.  When doing so, it specifies:

   o  The same previous join resource associated to the OSCORE group
      with zeroed-epoch Group ID "feedca570000".

   o  A second join resource associated to the OSCORE group with zeroed-
      epoch Group ID "ech0ech00000" and used by one application group,
      namely "group2".

   o  A third join resource associated to the OSCORE group with zeroed-
      epoch Group ID "abcdef120000" and used by two application groups,
      namely "group3" and "group4".

   Request: GM -> RD

   Req: POST coap://rd.example.com/rd?ep=gm1
   Content-Format: 40
   Payload:
   </join/feedca570000>;ct=41;rt="core.osc.j";
   oscore-gid="feedca570000";app-gp="group1",
   </join/ech0ech00000>;ct=41;rt="core.osc.j";
   oscore-gid="ech0ech00000";app-gp="group2",
   </join/abcdef120000>;ct=41;rt="core.osc.j";
   oscore-gid="abcdef120000";app-gp="group3";app-gp="group4"

   Response: RD -> GM

   Res: 2.04 Changed
   Location-Path: /rd/4521

   Alternatively, the GM can perform a PATCH/iPATCH [RFC8132] request to
   the RD, as per Section 5.4.3 of [I-D.ietf-core-resource-directory].
   This requires semantics to be defined in future standards, in order
   to apply a link-format document as a patch to a different one.

5.  Discovery of OSCORE Groups

   A CoAP endpoint that wants to join an OSCORE group, hereafter called
   the joining node, might not have all the necessary information at
   deployment time.  Also, it might want to know about possible new
   OSCORE groups created afterwards by the respective Group Managers.

   To this end, the joining node can perform a resource lookup at the RD
   as per Section 6.1 of [I-D.ietf-core-resource-directory], in order to
   retrieve the missing pieces of information needed to join the OSCORE
   group(s) of interest.  The joining node can find the RD as described
   in Section 4 of [I-D.ietf-core-resource-directory].

Tiloca, et al.         Expires September 12, 2019               [Page 7]
Internet-Draft   OSCORE group discovery with the CoRE RD      March 2019

   The joining node MUST consider the following search criteria for the
   lookup filtering.

   o  'rt' = "core.osc.j" (see Section 7.1).

   The joining node MAY additionally consider the following search
   criteria for the lookup filtering, depending on the information it
   has already available.

   o  'oscore-gid', specifying the zeroed-epoch Group ID of the OSCORE
      group of interest.  This parameter MUST specify a single value.

   o  'ep', specifying the identifier of the GM as endpoint registered
      with the RD.

   o  'app-gp', specifying the name(s) of the application group(s)
      associated to the OSCORE group of interest.  This parameter MAY be
      included multiple times, and each occurrence MUST specify the name
      of one application group.  A same application group MUST NOT be
      specified multiple times.

5.1.  Discovery Example #1

   Consistently with the examples in Section 3 and Section 4, the
   example below considers a joining node that wants to join the OSCORE
   group associated to the application group "group1", but that does not
   know the zeroed-epoch Group ID of the OSCORE group, the responsible
   GM and the join resource to access.

   Request: Joining node -> RD

   Req: GET coap://rd.example.com/lookup/res?rt=core.osc.j&app-gp=group1

   Response: RD -> Joining node

   Res: 2.05 Content
   Payload:
   <coap://[2001:db8::ab]/join/feedca570000>;rt="core.osc.j";
   oscore-gid="feedca570000";app-gp="group1";
   anchor="coap://[2001:db8::ab]"

   If it does not know the multicast IP address used in "group1", the
   joining node can retrieve it by performing an endpoint lookup as
   shown below.  The following assumes that the application group
   "group1" had been previously registered as per Appendix A of
   [I-D.ietf-core-resource-directory], with ff35:30:2001:db8::23 as
   associated multicast IP address.

Tiloca, et al.         Expires September 12, 2019               [Page 8]
Internet-Draft   OSCORE group discovery with the CoRE RD      March 2019

   Request: Joining node -> RD

   Req: GET coap://rd.example.com/lookup/ep?et=core.rd-group&ep=group1

   Response: RD -> Joining node

   Res: 2.05 Content
   Payload:
   </rd/501>;ep="group1";et="core.rd-group";\
   base="coap://[ff35:30:2001:db8::23]"

5.2.  Discovery Example #2

   Consistently with the examples in Section 3 and Section 4, the
   example below considers a joining node that wants to join the OSCORE
   group with zeroed-epoch Group ID "feedca570000", but that does not
   know the responsible GM, the join resource to access, and the
   associated application groups.

   The example also shows how the joining node uses observation
   [RFC7641], in order to be notified of possible changes in the join
   resource's target attributes.  This is also useful to handle the case
   where the OSCORE group of interest has not been created yet, so that
   the joining node can receive the requested information when available
   at a later point in time.

   Request: Joining node -> RD

   Req: GET coap://rd.example.com/lookup/res?rt=osc.j&\
   oscore-gid=feedca570000
   Observe: 0

   Response: RD -> Joining node

   Res: 2.05 Content
   Observe: 24
   Payload:
   <coap://[2001:db8::ab]/join/feedca570000>;rt="osc.j";
   oscore-gid="feedca570000";app-gp="group1";
   anchor="coap://[2001:db8::ab]"

   Depending on the used search criteria, the joining node performing
   the resource lookup can get a response whose payload is quite large
   in size.  This can happen, for instance, in case the lookup request
   targets all the join resources at a specified GM, or all the join
   resources of all the registered GMs, as in the example below.

   Request: Joining node -> RD

Tiloca, et al.         Expires September 12, 2019               [Page 9]
Internet-Draft   OSCORE group discovery with the CoRE RD      March 2019

   Req: GET coap://rd.example.com/lookup/res?rt=osc.j

   Response: RD -> Joining node

   Res: 2.05 Content
   Payload:
   <coap://[2001:db8::ab]/join/feedca570000>;rt="osc.j";
   oscore-gid="feedca570000";app-gp="group1";
   anchor="coap://[2001:db8::ab]",
   <coap://[2001:db8::ab]/join/ech0ech00000>;rt="osc.j";
   oscore-gid="ech0ech00000";app-gp="group2";
   anchor="coap://[2001:db8::ab]",
   <coap://[2001:db8::cd]/join/abcdef120000>;rt="osc.j";
   oscore-gid="abcdef120000";app-gp="group3";app-gp="group4";
   anchor="coap://[2001:db8::cd]"

   Therefore, it is RECOMMENDED that a joining node performing a
   resource lookup to discover OSCORE groups uses observation only when
   including the fine-grained seach criterion 'oscore-gid' in its GET
   request sent to the RD.

6.  Security Considerations

   The security considerations as described in Section 8 of
   [I-D.ietf-core-resource-directory] apply here as well.

7.  IANA Considerations

   This document has the following actions for IANA.

7.1.  Resource Types

   IANA is asked to enter the following value into the Resource Type
   (rt=) Link Target Attribute Values subregistry within the Constrained
   Restful Environments (CoRE) Parameters registry defined in [RFC6690].

         +------------+----------------------+-------------------+
         | Value      | Description          | Reference         |
         +------------+----------------------+-------------------+
         |            |                      |                   |
         | core.osc.j | Join resource of an  | [[this document]] |
         |            | OSCORE Group Manager |                   |
         |            |                      |                   |
         +------------+----------------------+-------------------|

Tiloca, et al.         Expires September 12, 2019              [Page 10]
Internet-Draft   OSCORE group discovery with the CoRE RD      March 2019

8.  References

8.1.  Normative References

   [I-D.ietf-ace-key-groupcomm-oscore]
              Tiloca, M., Park, J., and F. Palombini, "Key Management
              for OSCORE Groups in ACE", draft-ietf-ace-key-groupcomm-
              oscore-01 (work in progress), March 2019.

   [I-D.ietf-core-oscore-groupcomm]
              Tiloca, M., Selander, G., Palombini, F., and J. Park,
              "Group OSCORE - Secure Group Communication for CoAP",
              draft-ietf-core-oscore-groupcomm-04 (work in progress),
              March 2019.

   [I-D.ietf-core-resource-directory]
              Shelby, Z., Koster, M., Bormann, C., Stok, P., and C.
              Amsuess, "CoRE Resource Directory", draft-ietf-core-
              resource-directory-19 (work in progress), January 2019.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/info/rfc2119>.

   [RFC6690]  Shelby, Z., "Constrained RESTful Environments (CoRE) Link
              Format", RFC 6690, DOI 10.17487/RFC6690, August 2012,
              <https://www.rfc-editor.org/info/rfc6690>.

   [RFC7252]  Shelby, Z., Hartke, K., and C. Bormann, "The Constrained
              Application Protocol (CoAP)", RFC 7252,
              DOI 10.17487/RFC7252, June 2014,
              <https://www.rfc-editor.org/info/rfc7252>.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017, <https://www.rfc-editor.org/info/rfc8174>.

8.2.  Informative References

   [I-D.ietf-ace-oauth-authz]
              Seitz, L., Selander, G., Wahlstroem, E., Erdtman, S., and
              H. Tschofenig, "Authentication and Authorization for
              Constrained Environments (ACE) using the OAuth 2.0
              Framework (ACE-OAuth)", draft-ietf-ace-oauth-authz-22
              (work in progress), March 2019.

Tiloca, et al.         Expires September 12, 2019              [Page 11]
Internet-Draft   OSCORE group discovery with the CoRE RD      March 2019

   [I-D.ietf-core-object-security]
              Selander, G., Mattsson, J., Palombini, F., and L. Seitz,
              "Object Security for Constrained RESTful Environments
              (OSCORE)", draft-ietf-core-object-security-16 (work in
              progress), March 2019.

   [RFC7228]  Bormann, C., Ersue, M., and A. Keranen, "Terminology for
              Constrained-Node Networks", RFC 7228,
              DOI 10.17487/RFC7228, May 2014,
              <https://www.rfc-editor.org/info/rfc7228>.

   [RFC7390]  Rahman, A., Ed. and E. Dijk, Ed., "Group Communication for
              the Constrained Application Protocol (CoAP)", RFC 7390,
              DOI 10.17487/RFC7390, October 2014,
              <https://www.rfc-editor.org/info/rfc7390>.

   [RFC7641]  Hartke, K., "Observing Resources in the Constrained
              Application Protocol (CoAP)", RFC 7641,
              DOI 10.17487/RFC7641, September 2015,
              <https://www.rfc-editor.org/info/rfc7641>.

   [RFC8132]  van der Stok, P., Bormann, C., and A. Sehgal, "PATCH and
              FETCH Methods for the Constrained Application Protocol
              (CoAP)", RFC 8132, DOI 10.17487/RFC8132, April 2017,
              <https://www.rfc-editor.org/info/rfc8132>.

   [RFC8152]  Schaad, J., "CBOR Object Signing and Encryption (COSE)",
              RFC 8152, DOI 10.17487/RFC8152, July 2017,
              <https://www.rfc-editor.org/info/rfc8152>.

Acknowledgments

   The authors sincerely thank Carsten Bormann, Francesca Palombini and
   Jim Schaad for their comments and feedback.

   The work on this document has been partly supported by VINNOVA and
   the Celtic-Next project CRITISEC, and by the EIT-Digital High Impact
   Initiative ACTIVE.

Authors' Addresses

   Marco Tiloca
   RISE AB
   Isafjordsgatan 22
   Kista  SE-16440 Stockholm
   Sweden

   Email: marco.tiloca@ri.se

Tiloca, et al.         Expires September 12, 2019              [Page 12]
Internet-Draft   OSCORE group discovery with the CoRE RD      March 2019

   Christian Amsuess
   Hollandstr. 12/4
   Vienna  1020
   Austria

   Email: christian@amsuess.com

   Peter van der Stok
   Consultant

   Phone: +31-492474673 (Netherlands), +33-966015248 (France)
   Email: consultancy@vanderstok.org
   URI:   www.vanderstok.org

Tiloca, et al.         Expires September 12, 2019              [Page 13]